formbook

General

Target

SecuriteInfo.com.PWSX-gen.15104.7180.exe
Size

935KB
Sample

250205-d4x5zsypek
MD5

6030be9effde524bcdbcf14ec05ca651
SHA1

6d0b6bba281ed8ae9c9b8b9bc53f34b721608400
SHA256

762bfb4d60c0f58658f0f04470856ae4305c4d1f7d1f3fb9c053cbb5f15fd57e
SHA512

003064eac5edebf4c011e6272734881d440285df3ab3248b8b499b2ba52ca866e0600101ed9874b28abd16ee046068b1c28d3d2a256bee542d736f5fe0885396
SSDEEP

12288:4AbsbLgqUZsCHbn1VBbRj+PWIdEeM73Itc8Dulwg32EiylMBnfU2J96i:3mgfZV5bQ+eM7125yGzHZ

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

i62s

Decoy

uamentesaudavel.shop

nio.xyz

rginine12.live

ourmet94goodies.shop

dveo.xyz

epp.xyz

lexbreus.art

nline-gaming-32533.bond

znetio.info

hosaround.net

ecurity-apps-53798.bond

treamtiendat.xyz

ngomoney.online

wig.xyz

ills-au.today

megavine.shop

hatsea.net

nvestore.xyz

pasupplies.online

i-analyst.online

Targets

- Target
  
  SecuriteInfo.com.PWSX-gen.15104.7180.exe
- Size
  
  935KB
- MD5
  
  6030be9effde524bcdbcf14ec05ca651
- SHA1
  
  6d0b6bba281ed8ae9c9b8b9bc53f34b721608400
- SHA256
  
  762bfb4d60c0f58658f0f04470856ae4305c4d1f7d1f3fb9c053cbb5f15fd57e
- SHA512
  
  003064eac5edebf4c011e6272734881d440285df3ab3248b8b499b2ba52ca866e0600101ed9874b28abd16ee046068b1c28d3d2a256bee542d736f5fe0885396
- SSDEEP
  
  12288:4AbsbLgqUZsCHbn1VBbRj+PWIdEeM73Itc8Dulwg32EiylMBnfU2J96i:3mgfZV5bQ+eM7125yGzHZ
Score

10^/10

formbook i62s discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2